Field of the Invention
The present invention relates to an information processing apparatus, a method of distinguishing mounting of an encryption unit in an information processing apparatus, and a storage medium.
Description of the Related Art
In recent years, it has become common for embedded apparatuses to accumulate a large amount of data in a secondary storage device such as a hard disk drive (hereinafter referred to as HDD) and to perform various control by using the data. In such an apparatus, as the amount of accumulated data increases, the amount of user-specific data included in it also increases. Strict protection is necessary because damage can be wide ranging once user-specific data leaks to the outside. One method of protection is to encrypt such data. By encrypting data, it is possible to prevent a leakage of the data even if, for example, a secondary storage device that was mounted on an apparatus is stolen, because data stored in the secondary storage device cannot be easily decrypted.
When encrypting data stored in an HDD, which typifies such a secondary storage device, the four methods below can be considered.
(1) Encryption using software
(2) Encryption by a hard disk controller (hereinafter referred to as an HDC) in which an encryption module is integrated
(3) Encryption by an encryption module attached between an HDC and an HDD
(4) Encryption by an encryption module integrated within an HDD
As an example of (4) described above, there are products that comply with the Opal Subsystem Class (hereinafter referred to as Opal) that the Trusted Computing Group established.
In an embedded apparatus in which an HDD is mounted, there are cases in which the above-described method (3) is adopted, for example because high-speed operation is desired, because the user switches whether the encryption function is necessary or unnecessary, or in order to avoid requiring a special HDC. Method (3) has the advantage that the encryption module can be used in common across many products. However, because the HDC and the encryption module are separate in method (3), mutual authentication between them is needed and it is necessary to confirm that the HDC and the encryption module are a legitimate combination.
Japanese Patent Laid-Open No. 2007-226667 recites a data processing apparatus which performs encryption/decryption of data after having performed a mutual authentication of the HDC and the encryption module. However, in this document, even after confirming the combination of the HDC and the encryption module, it is necessary to continuously monitor whether the connection between the encryption module and an HDD is disconnected so that the HDD is not removed and used. In a case where it is detected that the connection between the encryption module and the HDD is disconnected, the configuration must be such that data of the HDD cannot be accessed until authentication is performed again.
As described above, after a mutual authentication between the HDC and the encryption module has been performed, data communication between them becomes possible, and during that time, it is possible to protect data of a user by continuously performing processing to detect a disconnection of the connection with the HDD.
Because such encryption modules met both cost and user needs, they were often externally attachable optional components in the past. However, in recent years, there are an increasing number of cases in which an encryption module is mounted as standard equipment due to heightened security consciousness. As a result, there are cases in which an HDC and an encryption module are mounted on the same circuit board. In this way, an encryption module, whether externally attached or integrated (onboard mounting), is used as a common component.
When attempting to disconnect the HDC and the encryption module in a state in which they are mounted on the same circuit board, it is necessary to reconstruct the circuit pattern on the circuit board and to pull the encryption module off the circuit board. Thus, in a case where these are mounted on the same circuit board, it becomes impossible to remove an encryption module in an easy way such as simply replacing cables. Accordingly, in such a case, mutual authentication between an HDC and an encryption module, and detection of a disconnection of a connection, cease to be necessary processing. In particular, the processing for detecting that a connection is disconnected must be optimized as necessary, because it influences the performance of data encryption/decryption processing in the encryption module.